PASCAL - Pattern Analysis, Statistical Modelling and Computational Learning

ASAP: Automatic Semantics-Aware Analysis of Network Payloads
Tammo Krueger, Nicole Krämer and Konrad Rieck
In: ECML Workshop on Privacy and Security Issues in Data Mining and Machine Learning (PSDML), Sep 2010, Barcelona, Spain.

Abstract

Automatic inspection of network payloads is a prerequisite for effective analysis of network communication. Security research has largely focused on network analysis using protocol specifications, for example for intrusion detection, fuzz testing and forensic analysis. The specification of a protocol alone, however, is often not sufficient for accurate analysis of communication, as it fails to reflect individual semantics of network applications. We propose a framework for semantics-aware analysis of network payloads which automatically extracts semantics-aware components from recorded network traffic. Our method proceeds by mapping network payloads to a vector space and identifying communication templates corresponding to base directions in the vector space. We demonstrate the efficacy of semantics-aware analysis in different security applications: automatic discovery of patterns in honeypot data, analysis of malware communication and network intrusion detection.

EPrint Type: Conference or Workshop Item (Paper)
Subjects: Theory & Algorithms
ID Code: 7696
Deposited By: Konrad Rieck
Deposited On: 17 March 2011